working on #21976
This commit is contained in:
parent
66d3bd0c0b
commit
035b71be37
|
@ -11,6 +11,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
|
|||
[#21890] Porting to ConcessioniManagerI and pass to mongoID
|
||||
[#20595] Porting and using the model view provided by geoportal-common
|
||||
[#21946] Show layers of a concessione automatically on map according to zoom level
|
||||
[#21976] Access policies checked on server-side
|
||||
|
||||
## [v1.2.0-SNAPSHOT] - 2021-07-19
|
||||
|
||||
|
|
|
@ -7,7 +7,7 @@ The GeoPortal Data Viewer App is an application to access, discovery and navigat
|
|||
* [OpenJDK](https://openjdk.java.net/) - The JDK used
|
||||
* [Maven](https://maven.apache.org/) - Dependency Management
|
||||
|
||||
** Uses **
|
||||
**Uses**
|
||||
|
||||
* [GWT-OL3](https://github.com/TDesjardins/gwt-ol) GWT-OpenLayers 3+ v.8.0.0-gwt2_9
|
||||
* [OpenLayers](https://openlayers.org/) OpenLayers v.6.X
|
||||
|
|
|
@ -145,14 +145,6 @@ public class LayerManager {
|
|||
GWT.log("MAX_WFS_FEATURES is: " + GeoportalDataViewerConstants.MAX_WFS_FEATURES);
|
||||
// GeoportalDataViewerConstants.print("calling getDataResult");
|
||||
|
||||
// List<String> mapLayers = olMap.getLayers();
|
||||
//// List<LayerObject> listLO = new ArrayList<LayerObject>(mapLayers.size());
|
||||
// for (String layerName : mapLayers) {
|
||||
//// LayerItem layerItem = new LayerItem();
|
||||
//// layerItem.setName(layerName);
|
||||
//// listLO.add(new LayerObject("Concessione",layerItem));
|
||||
// GWT.log("Layer found: "+layerName);
|
||||
// }
|
||||
|
||||
List<LayerObject> listLO = new ArrayList<LayerObject>();
|
||||
//for querying base layers
|
||||
|
|
|
@ -20,12 +20,17 @@ import org.gcube.application.geoportalcommon.shared.GeoNaItemRef;
|
|||
import org.gcube.application.geoportalcommon.shared.LayerItem;
|
||||
import org.gcube.application.geoportalcommon.shared.gis.BoundsMap;
|
||||
import org.gcube.application.geoportalcommon.shared.products.ConcessioneDV;
|
||||
import org.gcube.application.geoportalcommon.shared.products.model.AbstractRelazioneScavoDV;
|
||||
import org.gcube.application.geoportalcommon.shared.products.model.LayerConcessioneDV;
|
||||
import org.gcube.application.geoportalcommon.shared.products.model.RelazioneScavoDV;
|
||||
import org.gcube.application.geoportalcommon.shared.products.model.UploadedImageDV;
|
||||
import org.gcube.application.geoportalcommon.util.URLParserUtil;
|
||||
import org.gcube.portlets.user.geoportaldataviewer.client.GeoportalDataViewerService;
|
||||
import org.gcube.portlets.user.geoportaldataviewer.client.ui.gallery.ImagesGallery;
|
||||
import org.gcube.portlets.user.geoportaldataviewer.client.ui.products.concessioni.RelazioneScavoView;
|
||||
import org.gcube.portlets.user.geoportaldataviewer.server.gis.FeatureParser;
|
||||
import org.gcube.portlets.user.geoportaldataviewer.server.gis.WMSUrlValidator;
|
||||
import org.gcube.portlets.user.geoportaldataviewer.server.util.CheckAccessUtil;
|
||||
import org.gcube.portlets.user.geoportaldataviewer.server.util.SessionUtil;
|
||||
import org.gcube.portlets.user.geoportaldataviewer.shared.GeoNaSpatialQueryResult;
|
||||
import org.gcube.portlets.user.geoportaldataviewer.shared.gis.LayerObject;
|
||||
|
@ -147,11 +152,12 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
|
|||
if (concessioneIds != null && concessioneIds.size() > 0) {
|
||||
String cId = concessioneIds.get(0);
|
||||
try {
|
||||
UploadedImageDV uplImg = SessionUtil.getPreviewImageForConcessione(this.getThreadLocalRequest(), "Concessione", cId);
|
||||
//List<UploadedImageDV> listUI = getUploadedImagesForId("Concessione", cId, 1);
|
||||
UploadedImageDV uplImg = SessionUtil
|
||||
.getPreviewImageForConcessione(this.getThreadLocalRequest(), "Concessione", cId);
|
||||
// List<UploadedImageDV> listUI = getUploadedImagesForId("Concessione", cId, 1);
|
||||
Map<String, List<UploadedImageDV>> mapImages = new LinkedHashMap<String, List<UploadedImageDV>>();
|
||||
mapImages.put(cId, Arrays.asList(uplImg));
|
||||
//mapImages.put(cId, listUI);
|
||||
// mapImages.put(cId, listUI);
|
||||
geoDAO.setMapImages(mapImages);
|
||||
} catch (Exception e) {
|
||||
LOG.warn("Error on loading uploaded images for concessione: " + cId, e);
|
||||
|
@ -271,9 +277,71 @@ public class GeoportalDataViewerServiceImpl extends RemoteServiceServlet impleme
|
|||
// Obtain the client
|
||||
ConcessioniManagerI manager = statefulMongoConcessioni().build();
|
||||
Concessione concessione = manager.getById(mongoId);
|
||||
LOG.info("Got concessione for mongoId " + mongoId);
|
||||
LOG.info("Got concessione for mongoId: " + mongoId);
|
||||
if (concessione != null) {
|
||||
concessionDV = ConvertToDataViewModel.toConcessione(concessione);
|
||||
|
||||
GCubeUser user = SessionUtil.getCurrentUser(this.getThreadLocalRequest());
|
||||
String userName = user == null ? null : user.getUsername();
|
||||
|
||||
//TODO THIS IS A WORKAROUND WAITING FOR USER ROLE.
|
||||
//I CAN CHECK THE ACCCESS POLICIES ONLY IF THE USER IS NOT LOGGED IN.
|
||||
if (user != null) {
|
||||
|
||||
// CHECKING ACCESS POLICY
|
||||
LOG.info("Applying access policies for concessione " + mongoId + " returned by service");
|
||||
LayerConcessioneDV layerPosizionamento = concessionDV.getPosizionamentoScavo();
|
||||
if (layerPosizionamento != null) {
|
||||
if (!CheckAccessUtil.isAccessible(layerPosizionamento.getPolicy(), userName)) {
|
||||
concessionDV.setPosizionamentoScavo(null);
|
||||
}
|
||||
}
|
||||
|
||||
List<LayerConcessioneDV> listLayersDV = concessionDV.getPianteFineScavo();
|
||||
if (listLayersDV != null) {
|
||||
List<LayerConcessioneDV> accessibleListLayersDV = new ArrayList<LayerConcessioneDV>();
|
||||
for (LayerConcessioneDV layerDV : listLayersDV) {
|
||||
if (CheckAccessUtil.isAccessible(layerDV.getPolicy(), userName)) {
|
||||
accessibleListLayersDV.add(layerDV);
|
||||
}
|
||||
}
|
||||
concessionDV.setPianteFineScavo(accessibleListLayersDV);
|
||||
}
|
||||
|
||||
AbstractRelazioneScavoDV abstractRS = concessionDV.getAbstractRelazioneScavo();
|
||||
if (abstractRS != null) {
|
||||
if (!CheckAccessUtil.isAccessible(abstractRS.getPolicy(), userName)) {
|
||||
concessionDV.setAbstractRelazioneScavo(null);
|
||||
}
|
||||
}
|
||||
|
||||
RelazioneScavoDV relazioneScavo = concessionDV.getRelazioneScavo();
|
||||
if (relazioneScavo != null) {
|
||||
if (!CheckAccessUtil.isAccessible(relazioneScavo.getPolicy(), userName)) {
|
||||
concessionDV.setRelazioneScavo(null);
|
||||
}
|
||||
}
|
||||
|
||||
List<UploadedImageDV> immagini = concessionDV.getImmaginiRappresentative();
|
||||
if (immagini != null && immagini.size() > 0) {
|
||||
List<UploadedImageDV> accessibleListImages = new ArrayList<UploadedImageDV>();
|
||||
|
||||
// SHOWING ACESSIBLE IMAGES
|
||||
for (UploadedImageDV uploadedImageDV : immagini) {
|
||||
|
||||
if (CheckAccessUtil.isAccessible(uploadedImageDV.getPolicy(), userName)) {
|
||||
accessibleListImages.add(uploadedImageDV);
|
||||
}
|
||||
|
||||
}
|
||||
concessionDV.setImmaginiRappresentative(accessibleListImages);
|
||||
|
||||
}
|
||||
|
||||
// END CHECKING ACCESS POLICY
|
||||
LOG.info("Access policies applied");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if (concessionDV == null)
|
||||
|
|
|
@ -0,0 +1,87 @@
|
|||
package org.gcube.portlets.user.geoportaldataviewer.server.util;
|
||||
|
||||
/**
|
||||
* The Class CheckAccessUtil.
|
||||
*
|
||||
* @author Francesco Mangiacrapa at ISTI-CNR (francesco.mangiacrapa@isti.cnr.it)
|
||||
*
|
||||
* Sep 8, 2021
|
||||
*/
|
||||
public class CheckAccessUtil {
|
||||
|
||||
/**
|
||||
* The Enum ACCESS_POLICY.
|
||||
*
|
||||
* @author Francesco Mangiacrapa at ISTI-CNR (francesco.mangiacrapa@isti.cnr.it)
|
||||
*
|
||||
* Sep 8, 2021
|
||||
*/
|
||||
public static enum ACCESS_POLICY {
|
||||
OPEN, RESTICTED
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if is open access.
|
||||
*
|
||||
* @param policy the policy
|
||||
* @return true, if is open access
|
||||
*/
|
||||
private static boolean isOpenAccess(String policy) {
|
||||
if (policy == null || policy.equalsIgnoreCase(ACCESS_POLICY.OPEN.name())) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if is restricted access.
|
||||
*
|
||||
* @param policy the policy
|
||||
* @return true, if is restricted access
|
||||
*/
|
||||
private static boolean isRestrictedAccess(String policy) {
|
||||
if (policy == null || policy.equalsIgnoreCase(ACCESS_POLICY.RESTICTED.name())) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if is accessible.
|
||||
*
|
||||
* @param policy the policy
|
||||
* @param myLogin the my login
|
||||
* @return true, if is accessible
|
||||
*/
|
||||
public static boolean isAccessible(String policy, String myLogin) {
|
||||
|
||||
boolean bool = isOpenAccess(policy);
|
||||
|
||||
if (bool) {
|
||||
// is open access
|
||||
return true;
|
||||
}
|
||||
|
||||
if (myLogin == null || myLogin.isEmpty()) {
|
||||
// is not open and the user is not authenticated
|
||||
return false;
|
||||
}
|
||||
|
||||
// Here the login is not null, so checking if the access to item is RESTICTED
|
||||
bool = isRestrictedAccess(policy);
|
||||
|
||||
if (bool) {
|
||||
// is restricted access
|
||||
return true;
|
||||
}
|
||||
|
||||
// Here the user is authenticated, but the policy is not managed, so returning
|
||||
// true
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
Loading…
Reference in New Issue